
2016 | OriginalPaper | Chapter

11. Case Study: Business Email Compromise

Author: Markus Jakobsson

Published in: Understanding Social Engineering Based Scams

Publisher: Springer New York


Abstract

This chapter looks at Business Email Compromise, first describing the structure of common aspects of this scam, and then turning to countermeasures. It is worth noting that many other scams have related structures—for example, scammers commonly use stolen accounts for both Business Email Compromise scams and for Stranded Traveler scams (discussed in Chap. 7). Similarly, just as Business Email Compromise scams commonly use spoofing or masquerading using cousin-name domains, many Trojan Horse distribution campaigns masquerade as trusted senders to convince an intended victim to perform actions intended to infect his or her computer.


Footnotes
1
In one very common version of the BEC scam, a person able to perform payments and transfers in a company receives an email from the CEO of the company—or so it appears—in which the recipient is asked to help perform a transaction. In a version of this scam, also commonly figuring the CEO as the supposed sender of the scam email, a person in HR receives a request to transmit W-2 information about some employees. This information is commonly used to file tax returns on behalf of the employees, effectively allowing the scammer to steal money from the government by obtaining tax refunds on behalf of people they impersonate—whether these people really should expect a refund or not.
 
2
In fact, many email readers do not even display the sender’s address—this is clearly a problem, as it simplifies the task of masquerading users dramatically.
 
3
In a typical typo-squatting attack, an attacker registers a domain with a reasonably common misspelling, hoping that unfortunate users will make a mistake and either direct their browsers or outgoing emails to a server controlled by the attacker. Typo-squatting is not yet a very common approach among scammers, but is worth addressing, especially in the context of companies associated with sending confidential information by email.
 
Metadata

Title: Case Study: Business Email Compromise
Author: Markus Jakobsson
Copyright Year: 2016
Publisher: Springer New York
DOI: https://doi.org/10.1007/978-1-4939-6457-4_11